From: Joshua Murphy <poisonbl@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] How send mail when user login on ssh or local ?
Date: Thu, 30 Jul 2009 13:49:30 -0400 [thread overview]
Message-ID: <c30988c30907301049i692dec95obde74a0c8aed8b9c@mail.gmail.com> (raw)
In-Reply-To: <4A71B64D.9070201@litrixlinux.org>
2009/7/30 Vagner Rodrigues <vagner@litrixlinux.org>:
>
>
> Hi Folks !
>
>
> Somebody know how I to so send mail with IP and Date/time when same
> user login on shell ( remote or local ) ?
>
> I work with another admin's and I never told me when they access and
> for what my server to do something, I try log but this can be erased
> and maybe mail can help me about access and with this I can Ask about
> this access.
>
>
>
>
>
>
>
> --
>
> Esta mensagem foi verificada pelo sistema de antivírus e
> acredita-se estar livre de perigo.
Well, all questions regarding the reasons you'd be giving root privs
to someone you don't entirely trust aside... the quick and dirty
approach I can think of would be to modify the system wide
/etc/profile to check uid and send an email if a given uid is logged
in. In the end, there's little to no way I'm aware of to guarantee
being alerted about use once someone's being handed root privileges.
If you do go about setting it up that way... OpenSSH sets variables[1]
regarding the session (IP and such) and those can be used to identify
that. The `tty` command[2] can be used to tell you whether the access
is direct physical access to the system's virtual consoles or not. You
could even bypass dependency on the local system having working mail
configuration and such if you have an smtp server off-host you can
send through by using netcat. A Windows variation[3] I found of the
same principle idea does just that. And, lastly, if you use sudo you
can leverage its own auditing capabilities to know when it's being
used[4].
[1] For example:
SSH_CLIENT=127.0.0.1 44681 22
SSH_TTY=/dev/pts/1
SSH_CONNECTION=127.0.0.1 44681 127.0.0.1 22
Which are of the form:
SSH_CLIENT=<client ip> <client port> <server port>
SSH_TTY=<local tty or pty>
SSH_CONNECTION=<client ip> <client port> <server ip> <server port>
[2] http://swoolley.org/man.cgi/tty
[3] http://community.spiceworks.com/how_to/show/225
[4] http://www.cyberciti.biz/faq/sudo-send-e-mail-sudo-log-file/
--
Poison [BLX]
Joshua M. Murphy
"Real programmers can write assembly code in any language." - Larry Wall
next prev parent reply other threads:[~2009-07-30 17:49 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-30 15:03 [gentoo-user] How send mail when user login on ssh or local ? Vagner Rodrigues
2009-07-30 17:49 ` Joshua Murphy [this message]
2009-07-30 22:05 ` [gentoo-user] " Harry Putnam
2009-07-30 22:12 ` Alan McKinnon
2009-07-31 12:34 ` Doug O'Neal
2009-08-01 13:35 ` James
2009-08-01 16:27 ` Alan McKinnon
2009-08-01 23:54 ` James
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c30988c30907301049i692dec95obde74a0c8aed8b9c@mail.gmail.com \
--to=poisonbl@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox